TYPO3 News & Events Hub
What’s New & What’s Coming
Stay up to date with the latest TYPO3 news and announcements by subscribing to our RSS feed.
TYPO3-SA-2009-011: Cross-Site Scripting vulnerability in extension Commerce (commerce)
It has been discovered that the extension Commerce (commerce) is vulnerable to Cross-Site Scripting attacks.
Mehr erfahrenTYPO3 Association Quarterly Report
TYPO3-SA-2009-010: Multiple vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions: "CoolURI" (cooluri), "Reset backend password" (cwt_resetbepassword), "datamints Newsticker" (datamints_newsticker), "[Gobernalia] Front End News Submitter" (gb_fenewssubmit), "Mailform" (mailform), "Myth download" (myth_download), "Tour Extension" (pm_tour), "Twitter Search" (twittersearch), "Webesse E-Card" (ws_ecard) and "Webesse Image Gallery" (ws_gallery)
SECURITY-ISSUES-IN-SEVERAL-THIRD-PARTY-TYPO3-EXTENSIONS-INCLUDING-COOLURI-CWT-RESETBEPASSWORD-DATAMINTS-NEWSTICKER-GB-FENEWSSUBMIT-MAILFORM-MYTH-DOWNLOAD-PM-TOUR-TWITTERSEARCH-WS-ECARD-WS-GALLERY: Security issues in several third party TYPO3 extensions including cooluri, cwt_resetbepassword, datamints_newsticker, gb_fenewssubmit, mailform, myth_download, pm_tour, twittersearch, ws_ecard, ws_gallery
Several vulnerabilities have been found in the following third party TYPO3 extensions: "CoolURI" (cooluri), "Reset backend password" (cwt_resetbepassword), "datamints Newsticker" (datamints_newsticker), "[Gobernalia] Front End News Submitter" (gb_fenewssubmit), "Mailform" (mailform), "Myth download" (myth_download), "Tour Extension" (pm_tour), "Twitter Search" (twittersearch), "Webesse E-Card" (ws_ecard), "Webesse Image Gallery" (ws_gallery)
TYPO3 4.2.8, 4.1.12 and 4.0.13
The TYPO3 Core Team announces versions 4.2.8, 4.1.12 and 4.0.13 of the TYPO3 Enterprise Content Management System.
FLOW3 1.0.0 alpha 2 released
The FLOW3 Core Team is proud to announce the second alpha release of FLOW3!
TYPO3 and FLOW3 in the finals of SFCCA (vote!)
TYPO3 and FLOW3 each reached the finals of this year's SourceForge Community Choice Awards!
TYPO3-SA-2009-009: Cross-Site Scripting vulnerability in extension Modern Guestbook / Commenting System (ve_guestbook)
It has been discovered that the extension Modern Guestbook / Commenting system (ve_guestbook) is vulnerable to Cross-Site Scripting.
TYPO3-SA-2009-008: Multiple vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions: "FrontEnd MP3 Player" (fe_mp3player), "Search In Tables" (fesearchintable), "Content Search" (gst_contentsearch), "Multilingual Alias" (multilingual_alias), "Myth Repository" (myth_repository) and "References database" (t3references)
TYPO3-SA-2009-007: TYPO3 Security Bulletin
It has been discovered that the extension Virtual Civil Services (civserv) is vulnerable to SQL-injections.